//===----------------------------------------------------------------------===//
//
// This source file is part of the Soto for AWS open source project
//
// Copyright (c) 2017-2024 the Soto project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of Soto project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

// THIS FILE IS AUTOMATICALLY GENERATED by https://github.com/soto-project/soto-codegenerator.
// DO NOT EDIT.

#if canImport(FoundationEssentials)
import FoundationEssentials
#else
import Foundation
#endif
@_spi(SotoInternal) import SotoCore

extension CognitoIdentity {
    // MARK: Enums

    public enum AmbiguousRoleResolutionType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case authenticatedRole = "AuthenticatedRole"
        case deny = "Deny"
        public var description: String { return self.rawValue }
    }

    public enum ErrorCode: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case accessDenied = "AccessDenied"
        case internalServerError = "InternalServerError"
        public var description: String { return self.rawValue }
    }

    public enum MappingRuleMatchType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case contains = "Contains"
        case equals = "Equals"
        case notEqual = "NotEqual"
        case startsWith = "StartsWith"
        public var description: String { return self.rawValue }
    }

    public enum RoleMappingType: String, CustomStringConvertible, Codable, Sendable, CodingKeyRepresentable {
        case rules = "Rules"
        case token = "Token"
        public var description: String { return self.rawValue }
    }

    // MARK: Shapes

    public struct CognitoIdentityProvider: AWSEncodableShape & AWSDecodableShape {
        /// The client ID for the Amazon Cognito user pool.
        public let clientId: String?
        /// The provider name for an Amazon Cognito user pool. For example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789.
        public let providerName: String?
        /// TRUE if server-side token validation is enabled for the identity provider’s token. Once you set ServerSideTokenCheck to TRUE for an identity pool, that identity pool will check with the integrated user pools to make sure that the user has not been globally signed out or deleted before the identity pool provides an OIDC token or Amazon Web Services credentials for the user. If the user is signed out or deleted, the identity pool will return a 400 Not Authorized error.
        public let serverSideTokenCheck: Bool?

        @inlinable
        public init(clientId: String? = nil, providerName: String? = nil, serverSideTokenCheck: Bool? = nil) {
            self.clientId = clientId
            self.providerName = providerName
            self.serverSideTokenCheck = serverSideTokenCheck
        }

        public func validate(name: String) throws {
            try self.validate(self.clientId, name: "clientId", parent: name, max: 128)
            try self.validate(self.clientId, name: "clientId", parent: name, min: 1)
            try self.validate(self.clientId, name: "clientId", parent: name, pattern: "^[\\w_]+$")
            try self.validate(self.providerName, name: "providerName", parent: name, max: 128)
            try self.validate(self.providerName, name: "providerName", parent: name, min: 1)
            try self.validate(self.providerName, name: "providerName", parent: name, pattern: "^[\\w._:/-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case clientId = "ClientId"
            case providerName = "ProviderName"
            case serverSideTokenCheck = "ServerSideTokenCheck"
        }
    }

    public struct CreateIdentityPoolInput: AWSEncodableShape {
        /// Enables or disables the Basic (Classic) authentication flow. For more information, see Identity Pools (Federated Identities) Authentication Flow in the Amazon Cognito Developer Guide.
        public let allowClassicFlow: Bool?
        /// TRUE if the identity pool supports unauthenticated logins.
        public let allowUnauthenticatedIdentities: Bool
        /// An array of Amazon Cognito user pools and their client IDs.
        public let cognitoIdentityProviders: [CognitoIdentityProvider]?
        /// The "domain" by which Cognito will refer to your users. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider. For the DeveloperProviderName, you can use letters as well as period (.), underscore (_), and dash (-). Once you have set a developer provider name, you cannot change it. Please take care in setting this parameter.
        public let developerProviderName: String?
        /// A string that you provide.
        public let identityPoolName: String
        /// Tags to assign to the identity pool. A tag is a label that you can apply to identity pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.
        public let identityPoolTags: [String: String]?
        /// The Amazon Resource Names (ARN) of the OpenID Connect providers.
        public let openIdConnectProviderARNs: [String]?
        /// An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.
        public let samlProviderARNs: [String]?
        /// Optional key:value pairs mapping provider names to provider app IDs.
        public let supportedLoginProviders: [String: String]?

        @inlinable
        public init(allowClassicFlow: Bool? = nil, allowUnauthenticatedIdentities: Bool = false, cognitoIdentityProviders: [CognitoIdentityProvider]? = nil, developerProviderName: String? = nil, identityPoolName: String, identityPoolTags: [String: String]? = nil, openIdConnectProviderARNs: [String]? = nil, samlProviderARNs: [String]? = nil, supportedLoginProviders: [String: String]? = nil) {
            self.allowClassicFlow = allowClassicFlow
            self.allowUnauthenticatedIdentities = allowUnauthenticatedIdentities
            self.cognitoIdentityProviders = cognitoIdentityProviders
            self.developerProviderName = developerProviderName
            self.identityPoolName = identityPoolName
            self.identityPoolTags = identityPoolTags
            self.openIdConnectProviderARNs = openIdConnectProviderARNs
            self.samlProviderARNs = samlProviderARNs
            self.supportedLoginProviders = supportedLoginProviders
        }

        public func validate(name: String) throws {
            try self.cognitoIdentityProviders?.forEach {
                try $0.validate(name: "\(name).cognitoIdentityProviders[]")
            }
            try self.validate(self.developerProviderName, name: "developerProviderName", parent: name, max: 128)
            try self.validate(self.developerProviderName, name: "developerProviderName", parent: name, min: 1)
            try self.validate(self.developerProviderName, name: "developerProviderName", parent: name, pattern: "^[\\w._-]+$")
            try self.validate(self.identityPoolName, name: "identityPoolName", parent: name, max: 128)
            try self.validate(self.identityPoolName, name: "identityPoolName", parent: name, min: 1)
            try self.validate(self.identityPoolName, name: "identityPoolName", parent: name, pattern: "^[\\w\\s+=,.@-]+$")
            try self.identityPoolTags?.forEach {
                try validate($0.key, name: "identityPoolTags.key", parent: name, max: 128)
                try validate($0.key, name: "identityPoolTags.key", parent: name, min: 1)
                try validate($0.value, name: "identityPoolTags[\"\($0.key)\"]", parent: name, max: 256)
            }
            try self.openIdConnectProviderARNs?.forEach {
                try validate($0, name: "openIdConnectProviderARNs[]", parent: name, max: 2048)
                try validate($0, name: "openIdConnectProviderARNs[]", parent: name, min: 20)
            }
            try self.samlProviderARNs?.forEach {
                try validate($0, name: "samlProviderARNs[]", parent: name, max: 2048)
                try validate($0, name: "samlProviderARNs[]", parent: name, min: 20)
            }
            try self.supportedLoginProviders?.forEach {
                try validate($0.key, name: "supportedLoginProviders.key", parent: name, max: 128)
                try validate($0.key, name: "supportedLoginProviders.key", parent: name, min: 1)
                try validate($0.value, name: "supportedLoginProviders[\"\($0.key)\"]", parent: name, max: 128)
                try validate($0.value, name: "supportedLoginProviders[\"\($0.key)\"]", parent: name, min: 1)
                try validate($0.value, name: "supportedLoginProviders[\"\($0.key)\"]", parent: name, pattern: "^[\\w.;_/-]+$")
            }
            try self.validate(self.supportedLoginProviders, name: "supportedLoginProviders", parent: name, max: 10)
        }

        private enum CodingKeys: String, CodingKey {
            case allowClassicFlow = "AllowClassicFlow"
            case allowUnauthenticatedIdentities = "AllowUnauthenticatedIdentities"
            case cognitoIdentityProviders = "CognitoIdentityProviders"
            case developerProviderName = "DeveloperProviderName"
            case identityPoolName = "IdentityPoolName"
            case identityPoolTags = "IdentityPoolTags"
            case openIdConnectProviderARNs = "OpenIdConnectProviderARNs"
            case samlProviderARNs = "SamlProviderARNs"
            case supportedLoginProviders = "SupportedLoginProviders"
        }
    }

    public struct Credentials: AWSDecodableShape {
        /// The Access Key portion of the credentials.
        public let accessKeyId: String?
        /// The date at which these credentials will expire.
        public let expiration: Date?
        /// The Secret Access Key portion of the credentials
        public let secretKey: String?
        /// The Session Token portion of the credentials
        public let sessionToken: String?

        @inlinable
        public init(accessKeyId: String? = nil, expiration: Date? = nil, secretKey: String? = nil, sessionToken: String? = nil) {
            self.accessKeyId = accessKeyId
            self.expiration = expiration
            self.secretKey = secretKey
            self.sessionToken = sessionToken
        }

        private enum CodingKeys: String, CodingKey {
            case accessKeyId = "AccessKeyId"
            case expiration = "Expiration"
            case secretKey = "SecretKey"
            case sessionToken = "SessionToken"
        }
    }

    public struct DeleteIdentitiesInput: AWSEncodableShape {
        /// A list of 1-60 identities that you want to delete.
        public let identityIdsToDelete: [String]

        @inlinable
        public init(identityIdsToDelete: [String]) {
            self.identityIdsToDelete = identityIdsToDelete
        }

        public func validate(name: String) throws {
            try self.identityIdsToDelete.forEach {
                try validate($0, name: "identityIdsToDelete[]", parent: name, max: 55)
                try validate($0, name: "identityIdsToDelete[]", parent: name, min: 1)
                try validate($0, name: "identityIdsToDelete[]", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
            }
            try self.validate(self.identityIdsToDelete, name: "identityIdsToDelete", parent: name, max: 60)
            try self.validate(self.identityIdsToDelete, name: "identityIdsToDelete", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case identityIdsToDelete = "IdentityIdsToDelete"
        }
    }

    public struct DeleteIdentitiesResponse: AWSDecodableShape {
        /// An array of UnprocessedIdentityId objects, each of which contains an ErrorCode and IdentityId.
        public let unprocessedIdentityIds: [UnprocessedIdentityId]?

        @inlinable
        public init(unprocessedIdentityIds: [UnprocessedIdentityId]? = nil) {
            self.unprocessedIdentityIds = unprocessedIdentityIds
        }

        private enum CodingKeys: String, CodingKey {
            case unprocessedIdentityIds = "UnprocessedIdentityIds"
        }
    }

    public struct DeleteIdentityPoolInput: AWSEncodableShape {
        /// An identity pool ID in the format REGION:GUID.
        public let identityPoolId: String

        @inlinable
        public init(identityPoolId: String) {
            self.identityPoolId = identityPoolId
        }

        public func validate(name: String) throws {
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, max: 55)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, min: 1)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case identityPoolId = "IdentityPoolId"
        }
    }

    public struct DescribeIdentityInput: AWSEncodableShape {
        /// A unique identifier in the format REGION:GUID.
        public let identityId: String

        @inlinable
        public init(identityId: String) {
            self.identityId = identityId
        }

        public func validate(name: String) throws {
            try self.validate(self.identityId, name: "identityId", parent: name, max: 55)
            try self.validate(self.identityId, name: "identityId", parent: name, min: 1)
            try self.validate(self.identityId, name: "identityId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case identityId = "IdentityId"
        }
    }

    public struct DescribeIdentityPoolInput: AWSEncodableShape {
        /// An identity pool ID in the format REGION:GUID.
        public let identityPoolId: String

        @inlinable
        public init(identityPoolId: String) {
            self.identityPoolId = identityPoolId
        }

        public func validate(name: String) throws {
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, max: 55)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, min: 1)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case identityPoolId = "IdentityPoolId"
        }
    }

    public struct GetCredentialsForIdentityInput: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the role to be assumed when multiple roles were received in the token from the identity provider. For example, a SAML-based identity provider. This parameter is optional for identity providers that do not support role customization.
        public let customRoleArn: String?
        /// A unique identifier in the format REGION:GUID.
        public let identityId: String
        /// A set of optional name-value pairs that map provider names to provider tokens. The name-value pair will follow the syntax "provider_name": "provider_user_identifier". Logins should not be specified when trying to get credentials for an unauthenticated identity. The Logins parameter is required when using identities associated with external identity providers such as Facebook. For examples of Logins maps, see the code examples in the External Identity Providers section of the Amazon Cognito Developer Guide.
        public let logins: [String: String]?

        @inlinable
        public init(customRoleArn: String? = nil, identityId: String, logins: [String: String]? = nil) {
            self.customRoleArn = customRoleArn
            self.identityId = identityId
            self.logins = logins
        }

        public func validate(name: String) throws {
            try self.validate(self.customRoleArn, name: "customRoleArn", parent: name, max: 2048)
            try self.validate(self.customRoleArn, name: "customRoleArn", parent: name, min: 20)
            try self.validate(self.identityId, name: "identityId", parent: name, max: 55)
            try self.validate(self.identityId, name: "identityId", parent: name, min: 1)
            try self.validate(self.identityId, name: "identityId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
            try self.logins?.forEach {
                try validate($0.key, name: "logins.key", parent: name, max: 128)
                try validate($0.key, name: "logins.key", parent: name, min: 1)
                try validate($0.value, name: "logins[\"\($0.key)\"]", parent: name, max: 50000)
                try validate($0.value, name: "logins[\"\($0.key)\"]", parent: name, min: 1)
            }
            try self.validate(self.logins, name: "logins", parent: name, max: 10)
        }

        private enum CodingKeys: String, CodingKey {
            case customRoleArn = "CustomRoleArn"
            case identityId = "IdentityId"
            case logins = "Logins"
        }
    }

    public struct GetCredentialsForIdentityResponse: AWSDecodableShape {
        /// Credentials for the provided identity ID.
        public let credentials: Credentials?
        /// A unique identifier in the format REGION:GUID.
        public let identityId: String?

        @inlinable
        public init(credentials: Credentials? = nil, identityId: String? = nil) {
            self.credentials = credentials
            self.identityId = identityId
        }

        private enum CodingKeys: String, CodingKey {
            case credentials = "Credentials"
            case identityId = "IdentityId"
        }
    }

    public struct GetIdInput: AWSEncodableShape {
        /// A standard Amazon Web Services account ID (9+ digits).
        public let accountId: String?
        /// An identity pool ID in the format REGION:GUID.
        public let identityPoolId: String
        /// A set of optional name-value pairs that map provider names to provider tokens. The available provider names for Logins are as follows:   Facebook: graph.facebook.com    Amazon Cognito user pool: cognito-idp..amazonaws.com/, for example, cognito-idp.us-east-1.amazonaws.com/us-east-1_123456789.    Google: accounts.google.com    Amazon: www.amazon.com    Twitter: api.twitter.com    Digits: www.digits.com
        public let logins: [String: String]?

        @inlinable
        public init(accountId: String? = nil, identityPoolId: String, logins: [String: String]? = nil) {
            self.accountId = accountId
            self.identityPoolId = identityPoolId
            self.logins = logins
        }

        public func validate(name: String) throws {
            try self.validate(self.accountId, name: "accountId", parent: name, max: 15)
            try self.validate(self.accountId, name: "accountId", parent: name, min: 1)
            try self.validate(self.accountId, name: "accountId", parent: name, pattern: "^\\d+$")
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, max: 55)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, min: 1)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
            try self.logins?.forEach {
                try validate($0.key, name: "logins.key", parent: name, max: 128)
                try validate($0.key, name: "logins.key", parent: name, min: 1)
                try validate($0.value, name: "logins[\"\($0.key)\"]", parent: name, max: 50000)
                try validate($0.value, name: "logins[\"\($0.key)\"]", parent: name, min: 1)
            }
            try self.validate(self.logins, name: "logins", parent: name, max: 10)
        }

        private enum CodingKeys: String, CodingKey {
            case accountId = "AccountId"
            case identityPoolId = "IdentityPoolId"
            case logins = "Logins"
        }
    }

    public struct GetIdResponse: AWSDecodableShape {
        /// A unique identifier in the format REGION:GUID.
        public let identityId: String?

        @inlinable
        public init(identityId: String? = nil) {
            self.identityId = identityId
        }

        private enum CodingKeys: String, CodingKey {
            case identityId = "IdentityId"
        }
    }

    public struct GetIdentityPoolRolesInput: AWSEncodableShape {
        /// An identity pool ID in the format REGION:GUID.
        public let identityPoolId: String

        @inlinable
        public init(identityPoolId: String) {
            self.identityPoolId = identityPoolId
        }

        public func validate(name: String) throws {
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, max: 55)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, min: 1)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case identityPoolId = "IdentityPoolId"
        }
    }

    public struct GetIdentityPoolRolesResponse: AWSDecodableShape {
        /// An identity pool ID in the format REGION:GUID.
        public let identityPoolId: String?
        /// How users for a specific identity provider are to mapped to roles. This is a String-to-RoleMapping object map. The string identifies the identity provider, for example, graph.facebook.com or cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id.
        public let roleMappings: [String: RoleMapping]?
        /// The map of roles associated with this pool. Currently only authenticated and unauthenticated roles are supported.
        public let roles: [String: String]?

        @inlinable
        public init(identityPoolId: String? = nil, roleMappings: [String: RoleMapping]? = nil, roles: [String: String]? = nil) {
            self.identityPoolId = identityPoolId
            self.roleMappings = roleMappings
            self.roles = roles
        }

        private enum CodingKeys: String, CodingKey {
            case identityPoolId = "IdentityPoolId"
            case roleMappings = "RoleMappings"
            case roles = "Roles"
        }
    }

    public struct GetOpenIdTokenForDeveloperIdentityInput: AWSEncodableShape {
        /// A unique identifier in the format REGION:GUID.
        public let identityId: String?
        /// An identity pool ID in the format REGION:GUID.
        public let identityPoolId: String
        /// A set of optional name-value pairs that map provider names to provider tokens. Each name-value pair represents a user from a public provider or developer provider. If the user is from a developer provider, the name-value pair will follow the syntax "developer_provider_name": "developer_user_identifier". The developer provider is the "domain" by which Cognito will refer to your users; you provided this domain while creating/updating the identity pool. The developer user identifier is an identifier from your backend that uniquely identifies a user. When you create an identity pool, you can specify the supported logins.
        public let logins: [String: String]
        /// Use this operation to configure attribute mappings for custom providers.
        public let principalTags: [String: String]?
        /// The expiration time of the token, in seconds. You can specify a custom expiration time for the token so that you can cache it. If you don't provide an expiration time, the token is valid for 15 minutes. You can exchange the token with Amazon STS for temporary Amazon Web Services credentials, which are valid for a maximum of one hour. The maximum token duration you can set is 24 hours. You should take care in setting the expiration time for a token, as there are significant security implications: an attacker could use a leaked token to access your Amazon Web Services resources for the token's duration.  Please provide for a small grace period, usually no more than 5 minutes, to account for clock skew.
        public let tokenDuration: Int64?

        @inlinable
        public init(identityId: String? = nil, identityPoolId: String, logins: [String: String], principalTags: [String: String]? = nil, tokenDuration: Int64? = nil) {
            self.identityId = identityId
            self.identityPoolId = identityPoolId
            self.logins = logins
            self.principalTags = principalTags
            self.tokenDuration = tokenDuration
        }

        public func validate(name: String) throws {
            try self.validate(self.identityId, name: "identityId", parent: name, max: 55)
            try self.validate(self.identityId, name: "identityId", parent: name, min: 1)
            try self.validate(self.identityId, name: "identityId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, max: 55)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, min: 1)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
            try self.logins.forEach {
                try validate($0.key, name: "logins.key", parent: name, max: 128)
                try validate($0.key, name: "logins.key", parent: name, min: 1)
                try validate($0.value, name: "logins[\"\($0.key)\"]", parent: name, max: 50000)
                try validate($0.value, name: "logins[\"\($0.key)\"]", parent: name, min: 1)
            }
            try self.validate(self.logins, name: "logins", parent: name, max: 10)
            try self.principalTags?.forEach {
                try validate($0.key, name: "principalTags.key", parent: name, max: 128)
                try validate($0.key, name: "principalTags.key", parent: name, min: 1)
                try validate($0.value, name: "principalTags[\"\($0.key)\"]", parent: name, max: 256)
                try validate($0.value, name: "principalTags[\"\($0.key)\"]", parent: name, min: 1)
            }
            try self.validate(self.principalTags, name: "principalTags", parent: name, max: 50)
            try self.validate(self.tokenDuration, name: "tokenDuration", parent: name, max: 86400)
            try self.validate(self.tokenDuration, name: "tokenDuration", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case identityId = "IdentityId"
            case identityPoolId = "IdentityPoolId"
            case logins = "Logins"
            case principalTags = "PrincipalTags"
            case tokenDuration = "TokenDuration"
        }
    }

    public struct GetOpenIdTokenForDeveloperIdentityResponse: AWSDecodableShape {
        /// A unique identifier in the format REGION:GUID.
        public let identityId: String?
        /// An OpenID token.
        public let token: String?

        @inlinable
        public init(identityId: String? = nil, token: String? = nil) {
            self.identityId = identityId
            self.token = token
        }

        private enum CodingKeys: String, CodingKey {
            case identityId = "IdentityId"
            case token = "Token"
        }
    }

    public struct GetOpenIdTokenInput: AWSEncodableShape {
        /// A unique identifier in the format REGION:GUID.
        public let identityId: String
        /// A set of optional name-value pairs that map provider names to provider tokens. When using graph.facebook.com and www.amazon.com, supply the access_token returned from the provider's authflow. For accounts.google.com, an Amazon Cognito user pool provider, or any other OpenID Connect provider, always include the id_token.
        public let logins: [String: String]?

        @inlinable
        public init(identityId: String, logins: [String: String]? = nil) {
            self.identityId = identityId
            self.logins = logins
        }

        public func validate(name: String) throws {
            try self.validate(self.identityId, name: "identityId", parent: name, max: 55)
            try self.validate(self.identityId, name: "identityId", parent: name, min: 1)
            try self.validate(self.identityId, name: "identityId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
            try self.logins?.forEach {
                try validate($0.key, name: "logins.key", parent: name, max: 128)
                try validate($0.key, name: "logins.key", parent: name, min: 1)
                try validate($0.value, name: "logins[\"\($0.key)\"]", parent: name, max: 50000)
                try validate($0.value, name: "logins[\"\($0.key)\"]", parent: name, min: 1)
            }
            try self.validate(self.logins, name: "logins", parent: name, max: 10)
        }

        private enum CodingKeys: String, CodingKey {
            case identityId = "IdentityId"
            case logins = "Logins"
        }
    }

    public struct GetOpenIdTokenResponse: AWSDecodableShape {
        /// A unique identifier in the format REGION:GUID. Note that the IdentityId returned may not match the one passed on input.
        public let identityId: String?
        /// An OpenID token, valid for 10 minutes.
        public let token: String?

        @inlinable
        public init(identityId: String? = nil, token: String? = nil) {
            self.identityId = identityId
            self.token = token
        }

        private enum CodingKeys: String, CodingKey {
            case identityId = "IdentityId"
            case token = "Token"
        }
    }

    public struct GetPrincipalTagAttributeMapInput: AWSEncodableShape {
        /// You can use this operation to get the ID of the Identity Pool you setup attribute mappings for.
        public let identityPoolId: String
        /// You can use this operation to get the provider name.
        public let identityProviderName: String

        @inlinable
        public init(identityPoolId: String, identityProviderName: String) {
            self.identityPoolId = identityPoolId
            self.identityProviderName = identityProviderName
        }

        public func validate(name: String) throws {
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, max: 55)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, min: 1)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
            try self.validate(self.identityProviderName, name: "identityProviderName", parent: name, max: 128)
            try self.validate(self.identityProviderName, name: "identityProviderName", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case identityPoolId = "IdentityPoolId"
            case identityProviderName = "IdentityProviderName"
        }
    }

    public struct GetPrincipalTagAttributeMapResponse: AWSDecodableShape {
        /// You can use this operation to get the ID of the Identity Pool you setup attribute mappings for.
        public let identityPoolId: String?
        /// You can use this operation to get the provider name.
        public let identityProviderName: String?
        /// You can use this operation to add principal tags. The PrincipalTagsoperation enables you to reference user attributes in your IAM permissions policy.
        public let principalTags: [String: String]?
        /// You can use this operation to list
        public let useDefaults: Bool?

        @inlinable
        public init(identityPoolId: String? = nil, identityProviderName: String? = nil, principalTags: [String: String]? = nil, useDefaults: Bool? = nil) {
            self.identityPoolId = identityPoolId
            self.identityProviderName = identityProviderName
            self.principalTags = principalTags
            self.useDefaults = useDefaults
        }

        private enum CodingKeys: String, CodingKey {
            case identityPoolId = "IdentityPoolId"
            case identityProviderName = "IdentityProviderName"
            case principalTags = "PrincipalTags"
            case useDefaults = "UseDefaults"
        }
    }

    public struct IdentityDescription: AWSDecodableShape {
        /// Date on which the identity was created.
        public let creationDate: Date?
        /// A unique identifier in the format REGION:GUID.
        public let identityId: String?
        /// Date on which the identity was last modified.
        public let lastModifiedDate: Date?
        /// The provider names.
        public let logins: [String]?

        @inlinable
        public init(creationDate: Date? = nil, identityId: String? = nil, lastModifiedDate: Date? = nil, logins: [String]? = nil) {
            self.creationDate = creationDate
            self.identityId = identityId
            self.lastModifiedDate = lastModifiedDate
            self.logins = logins
        }

        private enum CodingKeys: String, CodingKey {
            case creationDate = "CreationDate"
            case identityId = "IdentityId"
            case lastModifiedDate = "LastModifiedDate"
            case logins = "Logins"
        }
    }

    public struct IdentityPool: AWSEncodableShape & AWSDecodableShape {
        /// Enables or disables the Basic (Classic) authentication flow. For more information, see Identity Pools (Federated Identities) Authentication Flow in the Amazon Cognito Developer Guide.
        public let allowClassicFlow: Bool?
        /// TRUE if the identity pool supports unauthenticated logins.
        public let allowUnauthenticatedIdentities: Bool
        /// A list representing an Amazon Cognito user pool and its client ID.
        public let cognitoIdentityProviders: [CognitoIdentityProvider]?
        /// The "domain" by which Cognito will refer to your users.
        public let developerProviderName: String?
        /// An identity pool ID in the format REGION:GUID.
        public let identityPoolId: String
        /// A string that you provide.
        public let identityPoolName: String
        /// The tags that are assigned to the identity pool. A tag is a label that you can apply to identity pools to categorize and manage them in different ways, such as by purpose, owner, environment, or other criteria.
        public let identityPoolTags: [String: String]?
        /// The ARNs of the OpenID Connect providers.
        public let openIdConnectProviderARNs: [String]?
        /// An array of Amazon Resource Names (ARNs) of the SAML provider for your identity pool.
        public let samlProviderARNs: [String]?
        /// Optional key:value pairs mapping provider names to provider app IDs.
        public let supportedLoginProviders: [String: String]?

        @inlinable
        public init(allowClassicFlow: Bool? = nil, allowUnauthenticatedIdentities: Bool, cognitoIdentityProviders: [CognitoIdentityProvider]? = nil, developerProviderName: String? = nil, identityPoolId: String, identityPoolName: String, identityPoolTags: [String: String]? = nil, openIdConnectProviderARNs: [String]? = nil, samlProviderARNs: [String]? = nil, supportedLoginProviders: [String: String]? = nil) {
            self.allowClassicFlow = allowClassicFlow
            self.allowUnauthenticatedIdentities = allowUnauthenticatedIdentities
            self.cognitoIdentityProviders = cognitoIdentityProviders
            self.developerProviderName = developerProviderName
            self.identityPoolId = identityPoolId
            self.identityPoolName = identityPoolName
            self.identityPoolTags = identityPoolTags
            self.openIdConnectProviderARNs = openIdConnectProviderARNs
            self.samlProviderARNs = samlProviderARNs
            self.supportedLoginProviders = supportedLoginProviders
        }

        public func validate(name: String) throws {
            try self.cognitoIdentityProviders?.forEach {
                try $0.validate(name: "\(name).cognitoIdentityProviders[]")
            }
            try self.validate(self.developerProviderName, name: "developerProviderName", parent: name, max: 128)
            try self.validate(self.developerProviderName, name: "developerProviderName", parent: name, min: 1)
            try self.validate(self.developerProviderName, name: "developerProviderName", parent: name, pattern: "^[\\w._-]+$")
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, max: 55)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, min: 1)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
            try self.validate(self.identityPoolName, name: "identityPoolName", parent: name, max: 128)
            try self.validate(self.identityPoolName, name: "identityPoolName", parent: name, min: 1)
            try self.validate(self.identityPoolName, name: "identityPoolName", parent: name, pattern: "^[\\w\\s+=,.@-]+$")
            try self.identityPoolTags?.forEach {
                try validate($0.key, name: "identityPoolTags.key", parent: name, max: 128)
                try validate($0.key, name: "identityPoolTags.key", parent: name, min: 1)
                try validate($0.value, name: "identityPoolTags[\"\($0.key)\"]", parent: name, max: 256)
            }
            try self.openIdConnectProviderARNs?.forEach {
                try validate($0, name: "openIdConnectProviderARNs[]", parent: name, max: 2048)
                try validate($0, name: "openIdConnectProviderARNs[]", parent: name, min: 20)
            }
            try self.samlProviderARNs?.forEach {
                try validate($0, name: "samlProviderARNs[]", parent: name, max: 2048)
                try validate($0, name: "samlProviderARNs[]", parent: name, min: 20)
            }
            try self.supportedLoginProviders?.forEach {
                try validate($0.key, name: "supportedLoginProviders.key", parent: name, max: 128)
                try validate($0.key, name: "supportedLoginProviders.key", parent: name, min: 1)
                try validate($0.value, name: "supportedLoginProviders[\"\($0.key)\"]", parent: name, max: 128)
                try validate($0.value, name: "supportedLoginProviders[\"\($0.key)\"]", parent: name, min: 1)
                try validate($0.value, name: "supportedLoginProviders[\"\($0.key)\"]", parent: name, pattern: "^[\\w.;_/-]+$")
            }
            try self.validate(self.supportedLoginProviders, name: "supportedLoginProviders", parent: name, max: 10)
        }

        private enum CodingKeys: String, CodingKey {
            case allowClassicFlow = "AllowClassicFlow"
            case allowUnauthenticatedIdentities = "AllowUnauthenticatedIdentities"
            case cognitoIdentityProviders = "CognitoIdentityProviders"
            case developerProviderName = "DeveloperProviderName"
            case identityPoolId = "IdentityPoolId"
            case identityPoolName = "IdentityPoolName"
            case identityPoolTags = "IdentityPoolTags"
            case openIdConnectProviderARNs = "OpenIdConnectProviderARNs"
            case samlProviderARNs = "SamlProviderARNs"
            case supportedLoginProviders = "SupportedLoginProviders"
        }
    }

    public struct IdentityPoolShortDescription: AWSDecodableShape {
        /// An identity pool ID in the format REGION:GUID.
        public let identityPoolId: String?
        /// A string that you provide.
        public let identityPoolName: String?

        @inlinable
        public init(identityPoolId: String? = nil, identityPoolName: String? = nil) {
            self.identityPoolId = identityPoolId
            self.identityPoolName = identityPoolName
        }

        private enum CodingKeys: String, CodingKey {
            case identityPoolId = "IdentityPoolId"
            case identityPoolName = "IdentityPoolName"
        }
    }

    public struct ListIdentitiesInput: AWSEncodableShape {
        /// An optional boolean parameter that allows you to hide disabled identities. If omitted, the ListIdentities API will include disabled identities in the response.
        public let hideDisabled: Bool?
        /// An identity pool ID in the format REGION:GUID.
        public let identityPoolId: String
        /// The maximum number of identities to return.
        public let maxResults: Int
        /// A pagination token.
        public let nextToken: String?

        @inlinable
        public init(hideDisabled: Bool? = nil, identityPoolId: String, maxResults: Int, nextToken: String? = nil) {
            self.hideDisabled = hideDisabled
            self.identityPoolId = identityPoolId
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, max: 55)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, min: 1)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 60)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 65535)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\S]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case hideDisabled = "HideDisabled"
            case identityPoolId = "IdentityPoolId"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListIdentitiesResponse: AWSDecodableShape {
        /// An object containing a set of identities and associated mappings.
        public let identities: [IdentityDescription]?
        /// An identity pool ID in the format REGION:GUID.
        public let identityPoolId: String?
        /// A pagination token.
        public let nextToken: String?

        @inlinable
        public init(identities: [IdentityDescription]? = nil, identityPoolId: String? = nil, nextToken: String? = nil) {
            self.identities = identities
            self.identityPoolId = identityPoolId
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case identities = "Identities"
            case identityPoolId = "IdentityPoolId"
            case nextToken = "NextToken"
        }
    }

    public struct ListIdentityPoolsInput: AWSEncodableShape {
        /// The maximum number of identities to return.
        public let maxResults: Int
        /// A pagination token.
        public let nextToken: String?

        @inlinable
        public init(maxResults: Int, nextToken: String? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 60)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 65535)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\S]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListIdentityPoolsResponse: AWSDecodableShape {
        /// The identity pools returned by the ListIdentityPools action.
        public let identityPools: [IdentityPoolShortDescription]?
        /// A pagination token.
        public let nextToken: String?

        @inlinable
        public init(identityPools: [IdentityPoolShortDescription]? = nil, nextToken: String? = nil) {
            self.identityPools = identityPools
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case identityPools = "IdentityPools"
            case nextToken = "NextToken"
        }
    }

    public struct ListTagsForResourceInput: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the identity pool that the tags are assigned to.
        public let resourceArn: String

        @inlinable
        public init(resourceArn: String) {
            self.resourceArn = resourceArn
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 2048)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 20)
        }

        private enum CodingKeys: String, CodingKey {
            case resourceArn = "ResourceArn"
        }
    }

    public struct ListTagsForResourceResponse: AWSDecodableShape {
        /// The tags that are assigned to the identity pool.
        public let tags: [String: String]?

        @inlinable
        public init(tags: [String: String]? = nil) {
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case tags = "Tags"
        }
    }

    public struct LookupDeveloperIdentityInput: AWSEncodableShape {
        /// A unique ID used by your backend authentication process to identify a user. Typically, a developer identity provider would issue many developer user identifiers, in keeping with the number of users.
        public let developerUserIdentifier: String?
        /// A unique identifier in the format REGION:GUID.
        public let identityId: String?
        /// An identity pool ID in the format REGION:GUID.
        public let identityPoolId: String
        /// The maximum number of identities to return.
        public let maxResults: Int?
        /// A pagination token. The first call you make will have NextToken set to null. After that the service will return NextToken values as needed. For example, let's say you make a request with MaxResults set to 10, and there are 20 matches in the database. The service will return a pagination token as a part of the response. This token can be used to call the API again and get results starting from the 11th match.
        public let nextToken: String?

        @inlinable
        public init(developerUserIdentifier: String? = nil, identityId: String? = nil, identityPoolId: String, maxResults: Int? = nil, nextToken: String? = nil) {
            self.developerUserIdentifier = developerUserIdentifier
            self.identityId = identityId
            self.identityPoolId = identityPoolId
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.validate(self.developerUserIdentifier, name: "developerUserIdentifier", parent: name, max: 1024)
            try self.validate(self.developerUserIdentifier, name: "developerUserIdentifier", parent: name, min: 1)
            try self.validate(self.identityId, name: "identityId", parent: name, max: 55)
            try self.validate(self.identityId, name: "identityId", parent: name, min: 1)
            try self.validate(self.identityId, name: "identityId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, max: 55)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, min: 1)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 60)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 65535)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, pattern: "^[\\S]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case developerUserIdentifier = "DeveloperUserIdentifier"
            case identityId = "IdentityId"
            case identityPoolId = "IdentityPoolId"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct LookupDeveloperIdentityResponse: AWSDecodableShape {
        /// This is the list of developer user identifiers associated with an identity ID. Cognito supports the association of multiple developer user identifiers with an identity ID.
        public let developerUserIdentifierList: [String]?
        /// A unique identifier in the format REGION:GUID.
        public let identityId: String?
        /// A pagination token. The first call you make will have NextToken set to null. After that the service will return NextToken values as needed. For example, let's say you make a request with MaxResults set to 10, and there are 20 matches in the database. The service will return a pagination token as a part of the response. This token can be used to call the API again and get results starting from the 11th match.
        public let nextToken: String?

        @inlinable
        public init(developerUserIdentifierList: [String]? = nil, identityId: String? = nil, nextToken: String? = nil) {
            self.developerUserIdentifierList = developerUserIdentifierList
            self.identityId = identityId
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case developerUserIdentifierList = "DeveloperUserIdentifierList"
            case identityId = "IdentityId"
            case nextToken = "NextToken"
        }
    }

    public struct MappingRule: AWSEncodableShape & AWSDecodableShape {
        /// The claim name that must be present in the token, for example, "isAdmin" or "paid".
        public let claim: String
        /// The match condition that specifies how closely the claim value in the IdP token must match Value.
        public let matchType: MappingRuleMatchType
        /// The role ARN.
        public let roleARN: String
        /// A brief string that the claim must match, for example, "paid" or "yes".
        public let value: String

        @inlinable
        public init(claim: String, matchType: MappingRuleMatchType, roleARN: String, value: String) {
            self.claim = claim
            self.matchType = matchType
            self.roleARN = roleARN
            self.value = value
        }

        public func validate(name: String) throws {
            try self.validate(self.claim, name: "claim", parent: name, max: 64)
            try self.validate(self.claim, name: "claim", parent: name, min: 1)
            try self.validate(self.claim, name: "claim", parent: name, pattern: "^[\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}]+$")
            try self.validate(self.roleARN, name: "roleARN", parent: name, max: 2048)
            try self.validate(self.roleARN, name: "roleARN", parent: name, min: 20)
            try self.validate(self.value, name: "value", parent: name, max: 128)
            try self.validate(self.value, name: "value", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case claim = "Claim"
            case matchType = "MatchType"
            case roleARN = "RoleARN"
            case value = "Value"
        }
    }

    public struct MergeDeveloperIdentitiesInput: AWSEncodableShape {
        /// User identifier for the destination user. The value should be a DeveloperUserIdentifier.
        public let destinationUserIdentifier: String
        /// The "domain" by which Cognito will refer to your users. This is a (pseudo) domain name that you provide while creating an identity pool. This name acts as a placeholder that allows your backend and the Cognito service to communicate about the developer provider. For the DeveloperProviderName, you can use letters as well as period (.), underscore (_), and dash (-).
        public let developerProviderName: String
        /// An identity pool ID in the format REGION:GUID.
        public let identityPoolId: String
        /// User identifier for the source user. The value should be a DeveloperUserIdentifier.
        public let sourceUserIdentifier: String

        @inlinable
        public init(destinationUserIdentifier: String, developerProviderName: String, identityPoolId: String, sourceUserIdentifier: String) {
            self.destinationUserIdentifier = destinationUserIdentifier
            self.developerProviderName = developerProviderName
            self.identityPoolId = identityPoolId
            self.sourceUserIdentifier = sourceUserIdentifier
        }

        public func validate(name: String) throws {
            try self.validate(self.destinationUserIdentifier, name: "destinationUserIdentifier", parent: name, max: 1024)
            try self.validate(self.destinationUserIdentifier, name: "destinationUserIdentifier", parent: name, min: 1)
            try self.validate(self.developerProviderName, name: "developerProviderName", parent: name, max: 128)
            try self.validate(self.developerProviderName, name: "developerProviderName", parent: name, min: 1)
            try self.validate(self.developerProviderName, name: "developerProviderName", parent: name, pattern: "^[\\w._-]+$")
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, max: 55)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, min: 1)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
            try self.validate(self.sourceUserIdentifier, name: "sourceUserIdentifier", parent: name, max: 1024)
            try self.validate(self.sourceUserIdentifier, name: "sourceUserIdentifier", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case destinationUserIdentifier = "DestinationUserIdentifier"
            case developerProviderName = "DeveloperProviderName"
            case identityPoolId = "IdentityPoolId"
            case sourceUserIdentifier = "SourceUserIdentifier"
        }
    }

    public struct MergeDeveloperIdentitiesResponse: AWSDecodableShape {
        /// A unique identifier in the format REGION:GUID.
        public let identityId: String?

        @inlinable
        public init(identityId: String? = nil) {
            self.identityId = identityId
        }

        private enum CodingKeys: String, CodingKey {
            case identityId = "IdentityId"
        }
    }

    public struct RoleMapping: AWSEncodableShape & AWSDecodableShape {
        /// If you specify Token or Rules as the Type, AmbiguousRoleResolution is required. Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type.
        public let ambiguousRoleResolution: AmbiguousRoleResolutionType?
        /// The rules to be used for mapping users to roles. If you specify Rules as the role mapping type, RulesConfiguration is required.
        public let rulesConfiguration: RulesConfigurationType?
        /// The role mapping type. Token will use cognito:roles and cognito:preferred_role claims from the Cognito identity provider token to map groups to roles. Rules will attempt to match claims from the token to map to a role.
        public let type: RoleMappingType

        @inlinable
        public init(ambiguousRoleResolution: AmbiguousRoleResolutionType? = nil, rulesConfiguration: RulesConfigurationType? = nil, type: RoleMappingType) {
            self.ambiguousRoleResolution = ambiguousRoleResolution
            self.rulesConfiguration = rulesConfiguration
            self.type = type
        }

        public func validate(name: String) throws {
            try self.rulesConfiguration?.validate(name: "\(name).rulesConfiguration")
        }

        private enum CodingKeys: String, CodingKey {
            case ambiguousRoleResolution = "AmbiguousRoleResolution"
            case rulesConfiguration = "RulesConfiguration"
            case type = "Type"
        }
    }

    public struct RulesConfigurationType: AWSEncodableShape & AWSDecodableShape {
        /// An array of rules. You can specify up to 25 rules per identity provider. Rules are evaluated in order. The first one to match specifies the role.
        public let rules: [MappingRule]

        @inlinable
        public init(rules: [MappingRule]) {
            self.rules = rules
        }

        public func validate(name: String) throws {
            try self.rules.forEach {
                try $0.validate(name: "\(name).rules[]")
            }
            try self.validate(self.rules, name: "rules", parent: name, max: 400)
            try self.validate(self.rules, name: "rules", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case rules = "Rules"
        }
    }

    public struct SetIdentityPoolRolesInput: AWSEncodableShape {
        /// An identity pool ID in the format REGION:GUID.
        public let identityPoolId: String
        /// How users for a specific identity provider are to mapped to roles. This is a string to RoleMapping object map. The string identifies the identity provider, for example, graph.facebook.com or cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id. Up to 25 rules can be specified per identity provider.
        public let roleMappings: [String: RoleMapping]?
        /// The map of roles associated with this pool. For a given role, the key will be either "authenticated" or "unauthenticated" and the value will be the Role ARN.
        public let roles: [String: String]

        @inlinable
        public init(identityPoolId: String, roleMappings: [String: RoleMapping]? = nil, roles: [String: String]) {
            self.identityPoolId = identityPoolId
            self.roleMappings = roleMappings
            self.roles = roles
        }

        public func validate(name: String) throws {
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, max: 55)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, min: 1)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
            try self.roleMappings?.forEach {
                try validate($0.key, name: "roleMappings.key", parent: name, max: 128)
                try validate($0.key, name: "roleMappings.key", parent: name, min: 1)
                try $0.value.validate(name: "\(name).roleMappings[\"\($0.key)\"]")
            }
            try self.validate(self.roleMappings, name: "roleMappings", parent: name, max: 10)
            try self.roles.forEach {
                try validate($0.key, name: "roles.key", parent: name, max: 128)
                try validate($0.key, name: "roles.key", parent: name, min: 1)
                try validate($0.key, name: "roles.key", parent: name, pattern: "^(un)?authenticated$")
                try validate($0.value, name: "roles[\"\($0.key)\"]", parent: name, max: 2048)
                try validate($0.value, name: "roles[\"\($0.key)\"]", parent: name, min: 20)
            }
            try self.validate(self.roles, name: "roles", parent: name, max: 2)
        }

        private enum CodingKeys: String, CodingKey {
            case identityPoolId = "IdentityPoolId"
            case roleMappings = "RoleMappings"
            case roles = "Roles"
        }
    }

    public struct SetPrincipalTagAttributeMapInput: AWSEncodableShape {
        /// The ID of the Identity Pool you want to set attribute mappings for.
        public let identityPoolId: String
        /// The provider name you want to use for attribute mappings.
        public let identityProviderName: String
        /// You can use this operation to add principal tags.
        public let principalTags: [String: String]?
        /// You can use this operation to use default (username and clientID) attribute mappings.
        public let useDefaults: Bool?

        @inlinable
        public init(identityPoolId: String, identityProviderName: String, principalTags: [String: String]? = nil, useDefaults: Bool? = nil) {
            self.identityPoolId = identityPoolId
            self.identityProviderName = identityProviderName
            self.principalTags = principalTags
            self.useDefaults = useDefaults
        }

        public func validate(name: String) throws {
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, max: 55)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, min: 1)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
            try self.validate(self.identityProviderName, name: "identityProviderName", parent: name, max: 128)
            try self.validate(self.identityProviderName, name: "identityProviderName", parent: name, min: 1)
            try self.principalTags?.forEach {
                try validate($0.key, name: "principalTags.key", parent: name, max: 128)
                try validate($0.key, name: "principalTags.key", parent: name, min: 1)
                try validate($0.value, name: "principalTags[\"\($0.key)\"]", parent: name, max: 256)
                try validate($0.value, name: "principalTags[\"\($0.key)\"]", parent: name, min: 1)
            }
            try self.validate(self.principalTags, name: "principalTags", parent: name, max: 50)
        }

        private enum CodingKeys: String, CodingKey {
            case identityPoolId = "IdentityPoolId"
            case identityProviderName = "IdentityProviderName"
            case principalTags = "PrincipalTags"
            case useDefaults = "UseDefaults"
        }
    }

    public struct SetPrincipalTagAttributeMapResponse: AWSDecodableShape {
        /// The ID of the Identity Pool you want to set attribute mappings for.
        public let identityPoolId: String?
        /// The provider name you want to use for attribute mappings.
        public let identityProviderName: String?
        /// You can use this operation to add principal tags. The PrincipalTagsoperation enables you to reference user attributes in your IAM permissions policy.
        public let principalTags: [String: String]?
        /// You can use this operation to select default (username and clientID) attribute mappings.
        public let useDefaults: Bool?

        @inlinable
        public init(identityPoolId: String? = nil, identityProviderName: String? = nil, principalTags: [String: String]? = nil, useDefaults: Bool? = nil) {
            self.identityPoolId = identityPoolId
            self.identityProviderName = identityProviderName
            self.principalTags = principalTags
            self.useDefaults = useDefaults
        }

        private enum CodingKeys: String, CodingKey {
            case identityPoolId = "IdentityPoolId"
            case identityProviderName = "IdentityProviderName"
            case principalTags = "PrincipalTags"
            case useDefaults = "UseDefaults"
        }
    }

    public struct TagResourceInput: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the identity pool.
        public let resourceArn: String
        /// The tags to assign to the identity pool.
        public let tags: [String: String]

        @inlinable
        public init(resourceArn: String, tags: [String: String]) {
            self.resourceArn = resourceArn
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 2048)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 20)
            try self.tags.forEach {
                try validate($0.key, name: "tags.key", parent: name, max: 128)
                try validate($0.key, name: "tags.key", parent: name, min: 1)
                try validate($0.value, name: "tags[\"\($0.key)\"]", parent: name, max: 256)
            }
        }

        private enum CodingKeys: String, CodingKey {
            case resourceArn = "ResourceArn"
            case tags = "Tags"
        }
    }

    public struct TagResourceResponse: AWSDecodableShape {
        public init() {}
    }

    public struct UnlinkDeveloperIdentityInput: AWSEncodableShape {
        /// The "domain" by which Cognito will refer to your users.
        public let developerProviderName: String
        /// A unique ID used by your backend authentication process to identify a user.
        public let developerUserIdentifier: String
        /// A unique identifier in the format REGION:GUID.
        public let identityId: String
        /// An identity pool ID in the format REGION:GUID.
        public let identityPoolId: String

        @inlinable
        public init(developerProviderName: String, developerUserIdentifier: String, identityId: String, identityPoolId: String) {
            self.developerProviderName = developerProviderName
            self.developerUserIdentifier = developerUserIdentifier
            self.identityId = identityId
            self.identityPoolId = identityPoolId
        }

        public func validate(name: String) throws {
            try self.validate(self.developerProviderName, name: "developerProviderName", parent: name, max: 128)
            try self.validate(self.developerProviderName, name: "developerProviderName", parent: name, min: 1)
            try self.validate(self.developerProviderName, name: "developerProviderName", parent: name, pattern: "^[\\w._-]+$")
            try self.validate(self.developerUserIdentifier, name: "developerUserIdentifier", parent: name, max: 1024)
            try self.validate(self.developerUserIdentifier, name: "developerUserIdentifier", parent: name, min: 1)
            try self.validate(self.identityId, name: "identityId", parent: name, max: 55)
            try self.validate(self.identityId, name: "identityId", parent: name, min: 1)
            try self.validate(self.identityId, name: "identityId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, max: 55)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, min: 1)
            try self.validate(self.identityPoolId, name: "identityPoolId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case developerProviderName = "DeveloperProviderName"
            case developerUserIdentifier = "DeveloperUserIdentifier"
            case identityId = "IdentityId"
            case identityPoolId = "IdentityPoolId"
        }
    }

    public struct UnlinkIdentityInput: AWSEncodableShape {
        /// A unique identifier in the format REGION:GUID.
        public let identityId: String
        /// A set of optional name-value pairs that map provider names to provider tokens.
        public let logins: [String: String]
        /// Provider names to unlink from this identity.
        public let loginsToRemove: [String]

        @inlinable
        public init(identityId: String, logins: [String: String], loginsToRemove: [String]) {
            self.identityId = identityId
            self.logins = logins
            self.loginsToRemove = loginsToRemove
        }

        public func validate(name: String) throws {
            try self.validate(self.identityId, name: "identityId", parent: name, max: 55)
            try self.validate(self.identityId, name: "identityId", parent: name, min: 1)
            try self.validate(self.identityId, name: "identityId", parent: name, pattern: "^[\\w-]+:[0-9a-f-]+$")
            try self.logins.forEach {
                try validate($0.key, name: "logins.key", parent: name, max: 128)
                try validate($0.key, name: "logins.key", parent: name, min: 1)
                try validate($0.value, name: "logins[\"\($0.key)\"]", parent: name, max: 50000)
                try validate($0.value, name: "logins[\"\($0.key)\"]", parent: name, min: 1)
            }
            try self.validate(self.logins, name: "logins", parent: name, max: 10)
            try self.loginsToRemove.forEach {
                try validate($0, name: "loginsToRemove[]", parent: name, max: 128)
                try validate($0, name: "loginsToRemove[]", parent: name, min: 1)
            }
        }

        private enum CodingKeys: String, CodingKey {
            case identityId = "IdentityId"
            case logins = "Logins"
            case loginsToRemove = "LoginsToRemove"
        }
    }

    public struct UnprocessedIdentityId: AWSDecodableShape {
        /// The error code indicating the type of error that occurred.
        public let errorCode: ErrorCode?
        /// A unique identifier in the format REGION:GUID.
        public let identityId: String?

        @inlinable
        public init(errorCode: ErrorCode? = nil, identityId: String? = nil) {
            self.errorCode = errorCode
            self.identityId = identityId
        }

        private enum CodingKeys: String, CodingKey {
            case errorCode = "ErrorCode"
            case identityId = "IdentityId"
        }
    }

    public struct UntagResourceInput: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of the identity pool.
        public let resourceArn: String
        /// The keys of the tags to remove from the user pool.
        public let tagKeys: [String]

        @inlinable
        public init(resourceArn: String, tagKeys: [String]) {
            self.resourceArn = resourceArn
            self.tagKeys = tagKeys
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 2048)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 20)
            try self.tagKeys.forEach {
                try validate($0, name: "tagKeys[]", parent: name, max: 128)
                try validate($0, name: "tagKeys[]", parent: name, min: 1)
            }
        }

        private enum CodingKeys: String, CodingKey {
            case resourceArn = "ResourceArn"
            case tagKeys = "TagKeys"
        }
    }

    public struct UntagResourceResponse: AWSDecodableShape {
        public init() {}
    }
}

// MARK: - Errors

/// Error enum for CognitoIdentity
public struct CognitoIdentityErrorType: AWSErrorType {
    enum Code: String {
        case concurrentModificationException = "ConcurrentModificationException"
        case developerUserAlreadyRegisteredException = "DeveloperUserAlreadyRegisteredException"
        case externalServiceException = "ExternalServiceException"
        case internalErrorException = "InternalErrorException"
        case invalidIdentityPoolConfigurationException = "InvalidIdentityPoolConfigurationException"
        case invalidParameterException = "InvalidParameterException"
        case limitExceededException = "LimitExceededException"
        case notAuthorizedException = "NotAuthorizedException"
        case resourceConflictException = "ResourceConflictException"
        case resourceNotFoundException = "ResourceNotFoundException"
        case tooManyRequestsException = "TooManyRequestsException"
    }

    private let error: Code
    public let context: AWSErrorContext?

    /// initialize CognitoIdentity
    public init?(errorCode: String, context: AWSErrorContext) {
        guard let error = Code(rawValue: errorCode) else { return nil }
        self.error = error
        self.context = context
    }

    internal init(_ error: Code) {
        self.error = error
        self.context = nil
    }

    /// return error code string
    public var errorCode: String { self.error.rawValue }

    /// Thrown if there are parallel requests to modify a resource.
    public static var concurrentModificationException: Self { .init(.concurrentModificationException) }
    /// The provided developer user identifier is already registered with Cognito under a different identity ID.
    public static var developerUserAlreadyRegisteredException: Self { .init(.developerUserAlreadyRegisteredException) }
    /// An exception thrown when a dependent service such as Facebook or Twitter is not responding
    public static var externalServiceException: Self { .init(.externalServiceException) }
    /// Thrown when the service encounters an error during processing the request.
    public static var internalErrorException: Self { .init(.internalErrorException) }
    /// If you provided authentication information in the request, the identity pool has no authenticated role configured, or STS returned an error response to the request to assume the authenticated role from the identity pool. If you provided no authentication information in the request, the identity pool has no unauthenticated role configured, or STS returned an error response to the request to assume the unauthenticated role from the identity pool. Your role trust policy must grant AssumeRoleWithWebIdentity permissions to cognito-identity.amazonaws.com.
    public static var invalidIdentityPoolConfigurationException: Self { .init(.invalidIdentityPoolConfigurationException) }
    /// Thrown for missing or bad input parameter(s).
    public static var invalidParameterException: Self { .init(.invalidParameterException) }
    /// Thrown when the total number of user pools has exceeded a preset limit.
    public static var limitExceededException: Self { .init(.limitExceededException) }
    /// Thrown when a user is not authorized to access the requested resource.
    public static var notAuthorizedException: Self { .init(.notAuthorizedException) }
    /// Thrown when a user tries to use a login which is already linked to another account.
    public static var resourceConflictException: Self { .init(.resourceConflictException) }
    /// Thrown when the requested resource (for example, a dataset or record) does not exist.
    public static var resourceNotFoundException: Self { .init(.resourceNotFoundException) }
    /// Thrown when a request is throttled.
    public static var tooManyRequestsException: Self { .init(.tooManyRequestsException) }
}

extension CognitoIdentityErrorType: Equatable {
    public static func == (lhs: CognitoIdentityErrorType, rhs: CognitoIdentityErrorType) -> Bool {
        lhs.error == rhs.error
    }
}

extension CognitoIdentityErrorType: CustomStringConvertible {
    public var description: String {
        return "\(self.error.rawValue): \(self.message ?? "")"
    }
}
